Comparison of disk encryption software
This is a technical feature comparison of different disk encryption software. Background information Operating systems Features * Hidden containers: Whether hidden containers (an encrypted container (A) within another encrypted container (B) so the existence of container A can not be established)http://www.jetico.com/linux/bcrypt-help/c_hiddn.htm Hidden containers description from Jetico (BestCrypt) can be created for deniable encryption. Note that some modes of operation like CBC with a plain IV can be more prone to watermarking attacks than others. * Pre-boot authentication: Whether authentication can be required before booting the computer, thus allowing one to encrypt the boot disk. * Custom authentication: Whether custom authentication mechanisms can be implemented with third-party applications. * Multiple keys: Whether an encrypted volume can have more than one active key. * Passphrase strengthening: Whether key strengthening is used with plain text passwords to frustrate dictionary attacks, usually using PBKDF2. * Hardware acceleration: Whether dedicated cryptography acceleration extension cards can be taken advantage of. * Trusted Platform Module: Whether the implementation can use a TPM cryptoprocessor. * Two-factor authentication: Whether optional security tokens (hardware security modules, such as Aladdin eToken and smart cards) are supported (for example using PKCS#11) Layering * Whole disk: Whether the whole physical disk or logical volume can be encrypted, including the partition tables and master boot record. Note that this does not imply that the encrypted disk can be used as the boot disk itself; refer to "pre-boot authentication" in the features comparison table. * Partition: Whether individual disk partitions can be encrypted. * File: Whether the encrypted container can be stored in a file (usually implemented as encrypted loop devices). * Swap space: Whether the swap space (called a "pagefile" on Windows) can be encrypted individually/explicitly. * Hibernation file: Whether the hibernation file is encrypted (if hibernation is supported). Modes of operation Different modes of operation supported by the software. Note that an encrypted volume can only use one mode of operation. * CBC with predictable IVs: The CBC (cipher block chaining) mode where initialization vectors are statically derived from the sector number and are not secret; this means that IVs are re-used when overwriting a sector and the vectors can easily be guessed by an attacker, leading to watermarking attacks. * CBC with secret IVs: The CBC mode where initialization vectors are statically derived from the encryption key and sector number. The IVs are secret, but they are re-used with overwrites. Methods for this include ESSIV and encrypted sector numbers (CGD). * CBC with random per-sector keys: The CBC mode where random keys are generated for each sector when it is written to, thus does not exhibit the typical weaknesses of CBC with re-used initialization vectors. The individual sector keys are stored on disk and encrypted with a master key. (See GBDE for details) * LRW: The Liskov-Rivest-Wagner tweakable narrow-block mode, a mode of operation specifically designed for disk encryption. Superseded by the more secure XTS mode due to security concerns.LRW_issue * XTS: XEX-based Tweaked CodeBook mode (TCB) with CipherText Stealing (CTS), the SISWG (IEEE P1619) standard for disk encryption. See also * Disk encryption software * Disk encryption theory * List of cryptographic file systems * Cold boot attack * Comparison of encrypted external drives Notes and references External links * On-The-Fly Encryption: A Comparison - A much larger comparison of disk encryption software, sorted by OS Category:Disk encryption Disk encryption software Category:Cryptographic software Disk encryption software id:Perbandingan perangkat lunak enkripsi cakram keras